Re: [patch 2/3] lsm: add bsdjail module

From: Alan Cox
Date: Mon Oct 11 2004 - 10:13:24 EST

Next message: Pavel Machek: "Re: 2.6.9-rc2-mm1 swsusp bug report."
Previous message: Andi Kleen: "Re: 2.6.9-rc4: Aiee on amd64"
In reply to: Christoph Hellwig: "Re: [patch 2/3] lsm: add bsdjail module"
Next in thread: Herbert Poetzl: "Re: [patch 2/3] lsm: add bsdjail module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sul, 2004-10-10 at 11:41, Christoph Hellwig wrote:
> Your filesystem handling code is completely superflous (and buggy). Please
> remove all the code dealing with chroot-lookalikes. In your userland script
> you simpl have to clone(.., CLONE_NEWNS) to detach your namespace from your
> parent, then you can lazly unmount all filesystems and setup your new namespace
> before starting the jail. The added advantage is that you don't need any
> cludges to keep the user from exiting the chroot.

AF_UNIX socket and fchdir().

That however requires a co-operator outside the chroot so doesn't seem
to be a problem. I like the CLONE approach, its a lot cleaner.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pavel Machek: "Re: 2.6.9-rc2-mm1 swsusp bug report."
Previous message: Andi Kleen: "Re: 2.6.9-rc4: Aiee on amd64"
In reply to: Christoph Hellwig: "Re: [patch 2/3] lsm: add bsdjail module"
Next in thread: Herbert Poetzl: "Re: [patch 2/3] lsm: add bsdjail module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]